Posted on 31 Comments

Phishing tutorial for beginners : Step by step guide

Phishing is one of the unique method of hacking that involves social engineering. What exactly is phishing? Phishing is an act of presenting a fake page resembling the original webpage you intend to visit with the sole intention of stealing your credentials. This post  demonstrates phishing tutorial for beginners. Although we make a phishing page of Facebook in this tutorial, it can be used to make a phishing page of any website.  So now let’s phish.

Open your browser,  go to the Facebook website, Right click on the webpage and click on “view page source”.

The source of the web page is displayed in the browser. Right click on the page and click on “Save As”. Save the page as “index.html” on your computer.

Now open index.html using notepad and hit CTRL+F”.In the Find box opened, type “action” and  click on “Find Next”. Look at the value of action. This “action” specifies the website what to do after users enter credentials and submit those. 

Now change the value of action to “phish.php”. We are doing this so when the user enters his credentials the page that loads will be “phish.php” and not the usual page Facebook loads.

Now let’s create the page phish.php. Open Notepad and type the following script into it and save it as “phish.php”. What this script does is it logs the user credentials and saves it to a file named “pass.txt”.

Now our files are ready. Next step is to upload these files to any free web hosting site available on the internet. Google for free web hosting sites, select any one of them(I selected bytehost7), create an account with username as close to Facebook as possible and delete the index.html file available in the htdocs folder. Then using Online File Management upload your own index.html and phish.php files to the htdocs folder. Your htdocs folder will look like below.

 Let’s check if our phishing page is ready by typing the address of our site. If the page is like below, then our phishing page is working.

The next thing we have to do is to send address of our fake website to the victim. We will do this through sending him an email but in order for the victim not to smell something fishy, we will obfuscate the URL of the fake page we are about to send him. The sending email address should be as convincingly close to Facebook as possible.

 When the victim clicks on the obfuscated URL, it will bring him to our fake site.

 If the victim is not cautious enough as to observing the URL and enters  his username and password, our attempt is a success. To show this, I will enter random values in both username field and password field and hit Enter.

Now a txt file with name pass.txt will be created in the htdocs folder containing both the username and the password.

 Click on the file. We can see both the email and the password i have entered. The email is “don’t get hacked” and the password is “like me”. 

Find it difficult? See how to do phishing with Weeman HTTP server

 Counter Point:

If you don’t want to fall victim to phishing, you can take a few precautions . If you want to open a site type the address directly in the URL and don’t open any redirected links. Don’t click on any mails which look malicious like asking for your login credentials.

Posted on 8 Comments

Install Packet Tracer in Windows and Linux

Cisco Certified Network Associate certification has become must for anybody who wishes to start  a career in networking. This certification validates that you have the ability to install, configure and troubleshoot a network. You need  lot of practice for achieving success in this exam. Apart from the labs where you are getting trained for CCNA what if you had a chance to practice at home. Or what if you want to self learn for CCNA? Well for both of the questions above, Cisco Packet Tracer is the perfect answer. To quote from Cisco’s official website, Packet tracer is

“a powerful network simulation program that allows students to experiment with network behavior and ask “what if” questions.”

It further says,

“The simulation-based learning environment helps students develop 21st century skills such as decision making, creative and critical thinking, and problem solving. Packet Tracer complements the Networking Academy curricula, allowing instructors to easily teach and demonstrate complex technical concepts and networking systems design.”

Nothing could have defined that better. This software is available for free from Cisco’s website provided you are a registered Networking Academy student, alumni, instructor, or administrator. Even if you are not one among the above you could still get hold of this software, just google it.

Now I’m gonna show you how to install packet tracer in Windows and Linux.

1.Windows

Any installation in Windows is just clicks and mouse and the same applies to Packet tracer. Click on the exe file downloaded. The below screen appears. Select “I accept the agreement” and click on “Next”.

Setup will show the folder in which the program’s shortcuts will be created. If you want to change the folder, you can change it. Click on “Next”.

Then the program will ask whether to create a Desktop icon and create a Quick Launch icon. Make your own choice and click on “Next”.

Then the summary of the settings we selected is displayed. Click on “Install”.

The installation starts as shown below.

In seconds, installation gets completed and the below screen is shown. Click on “Finish”.

Then the below popup appears asking you to close or restart your computer. Click on “OK”.

As we selected Launch option, Packet tracer is automatically launched.

2. Linux

To install Packet Tracer in Linux, we need a .deb package of Packet tracer which can be downloaded from here. Now I am going to install it in Ubuntu Precise Pangolin (12.04). Download the above file to the desktop.

Start the terminal and see your current working directory by typing “pwd”. If the current directory is not desktop move to the Desktop directory using “cd”. After reaching the Desktop directory, type “ls” to see if the packet tracer binary is there.

Left click on the packet tracer .bin file displayed after typing “ls” above, the entire word will be selected. Then right click and select copy. Now type “chmod +x” and then hit “CTRL+SHIFT+V “to paste the text we copied above. Our command should look like this.

                       chmod +x  PacketTracer533_i386_installer-deb.bin

What chmod +x command does is that it gives all users permission to execute.

Then type “./PacketTracer533_i386_installer-deb.bin” in the terminal. This will start extracting the binary package.

Then terminal prompts us to hit Enter to read the End User License Agreement.  Enter.

After displaying a rather long EULA, terminal asks us if we accept the terms of EULA. Type “Y”.

Then system asks us for the sudo password. Type the password and hit Enter.

When the installation is finished, close the terminal, go to Dashboard, if packet tracer is not seen, type ‘pac’ in the search box. When Packet Tracer is shown, click on it.

A message box shows up saying that we are starting packet tracer for the first time and our files will be stored in a specific folder. Click on “OK”.

Another message box pops up. Click on OK”.

Packet tracer is started.

Posted on Leave a comment

Installing a domain controller in Windows Server 2012

Hi Friends, Today we will see how to install and promote a domain controller in Windows server 2012. It has seen a change while installing a domain controller. The “dcpromo.exe” present in previous versions has been deprecated. We need to install domain controller from Server Manager only. Before we start installing the domain controller let’s change our server’s name to ‘Server‘ and IP address to “10.10.10.1″.

Now let’s go to Server Manager and start adding Active Directory Domain Services” role from Add Roles and Features. Click on “Add Roles and Features”.

Before we begin, we are presented with basic information on IP addresses, Windows updates and configuring strong passwords. Click “Next”.

Then we are prompted for the type of installation. Select Role Based or Feature based installation” and click Next”.

Then we are prompted to select the destination server. Select the server we just named and click “Next”.

Then we are asked to select the roles we want to install. Select Active Directory Domain Services and click “Next”.

Then we get a pop-up to add features that are required for Active Directory domain services. These features are automatically selected. Click on Add Features”.

We can see that Group Policy Management which is required for Active Directory Domain services has been automatically selected.

Then we are given a brief description about Active Directory domain services and some basic things to note. Click Next”.

Then we are shown the roles that will be installed on the server as a confirmation. Click on Install”.

Then the installation starts.

As the installation is finished, we get a message ‘Configuration required. Installation succeeded on server’. Click on Close”.

We have successfully installed Active Directory Domain Services on our server. Now we need to promote the domain controller. In the previous versions of Windows server, it is here we used dcpromo.exe. In our Server Manager, we have a notification flag with a yellow triangle with an exclamation mark inside it. Click on it.

Click on ‘Promote this server as domain controller’.

We are prompted to choose the configuration of our domain controller. Choose Add a new forest and specify the root domain name as shunya.com. Click on Next”.

We are asked to choose the domain controller options. Set the forest functional level and domain functional level as Windows Server 2012. Select DNS server. Since this is the root domain in the forest it is automatically Read only domain controller. Enter the DSRM password and click on Next”.

Then DNS options screen appears. Click on Next”.

Look at the NETBIOS name which is automatically assigned. It is shunya.

The location where the AD DS database, log files and SYSVOL are shown. We can specify different locations if we choose to be. Click on Next”.

Then we see a review of our selections. Click on Next”.

Then we see a Windows PowerShell script for AD DS deployment.

Then we get a prerequisites check window. Click on Install”.

After all the prerequisites are validated successfully, the server is successfully configured as a domain controller and the system is restarted.

After the system restarts, we are asked to login into the shunya domain.

Posted on Leave a comment

Classification of ports by Nmap

Scanning plays a very important role in hacking a system. Scanning is a phase in which we  find out the ports which are open and the services listening on those ports. Nmap is the most popular port scanner being used security guys nowadays. However it is very important to understand classification of ports by Nmap while scanning. Nmap classifies ports into six states. They are, open, closed, filtered, unfiltered, open | filtered and closed | filtered. Let us find out when Nmap classifies ports into specific states. For this, I use two virtual machines,

1. Kali Linux as attacker (with IP 10.10.10.2)

2. XP as victim (with IP 10.10.10.3)

On the victim machine, Telnet server is running and an exception is provided for it in windows firewall.

1. Open

Nmap classifies a port as open if an application is actively accepting TCP connections, UDP datagrams or SCTP associations on this port.

When I perform a default Nmap scan from the attacker of port 23 of the victim,

Nmap  –p 23 10.10.10.3

The result I get is open. This is because the Telnet server is actively accepting connections.

2. Closed

Nmap classifies a port as closed when the port is accessible but there is no application listening on it.  On our victim machine, let’s stop the the telnet service as shown below.

Now when we perform the above scan again, the port is shown as closed because although the port is accessible we don’t have any application listening on it.(i.e telnet is stopped)

3. filtered

Nmap classifies a port as filtered when it can’t determine whether the port is open or closed because packet filtering prevents its probes from reaching the port. On our victim machine, let’s  select ‘Don’t Allow Exceptions’ option in the firewall settings.

When we perform the above scan once again, the port is classified as filtered because firewall filtering blocks the probes of Nmap. When Nmap classifies a port as filtered, it is most likely that a firewall is blocking our probes.

4. Unfiltered.

Nmap classifies a port as unfiltered when a port is accessible but it can’t determine whether it is open or closed. A port is classified as unfiltered only with the ACK scan.

Let’s start the telnet service again on our victim machine and allow an exception for telnet in the firewall.

Then let us perform the ACK scan.

nmap  -sA –p 23 10.10.10.3

The scan couldn’t determine whether the port is open or closed.

5. open | filtered

A port is classified as open | filtered when Nmap is unable to determine whether a port is open or filtered. This happens for scan types in which open ports give no response. The UDP,IP protocol, FIN, NULL and XMAS scans classify ports this way. Let’s go to our machine and once again block telnet using firewall.

And then perform FIN scan and NULL scan respectively.

The port is classified as open | filtered in both cases because Nmap can’t determine whether the port is open or filtered.

6. closed | filtered

Nmap can’t find out whether a port is closed or filtered. A port is classified this way only for IP IDLE scan. Now what is IDLE scan? Idle scan is a scan in which we use a zombie host to scan the victim. In our example, we use another host with IP 10.10.10.3 as a zombie to perform IDL scan on our victim.

In our victim, firewall is still blocking telnet. Let’s perform a IP IDLE scan.

nmap –sI  10.10.10.1 –p 23 10.10.10.3

The scan shows result as closed | filtered because it couldn’t determine whether a port is closed or filtered.

Posted on Leave a comment

Password cracking with Brutus

Hi everybody, today I’m gonna show you remote password cracking with Brutus. For the newbies, script kiddie is a person with little knowledge  of hacking or any programming languages and instead searches for automatic tools to hack the computers. In this scenario, script kiddie is using a Windows XP machine and two tools Zenmap and Brutus avilable for free to download. As you will see, Zenmap is used for scanning for any open ports of  live machines and Brutus is a password cracker.

Imagine I am the script kiddie, I  first find out my own computer’s  ip address by typing the command “ipconfig” in the command line.

The ip address of my system happens to be 10.10.10.1. I decide to scan the following range of ip addresses to look for any live hosts. In the target option, I specify ip address as 10.10.10.2-10 and I choose profile as intense scan to get maximum information about the target. After performing the scan, the results show that only one system 10.10.10.3 is alive.

The scan  also shows that the victim machine which is live  is running a ftp server and its operating system is Windows XP.

I decide to use Brutus to crack the remote FTP password. Brutus has both dictionary and bruteforce attack options. I decide to choose dictionary attack since it is faster than bruteforcing. Brutus comes with a built in username(users.txt) and password list(pass.txt).As the victim machine is running Windows xp which comes with a default administrator account, I decide to  add “administrator” to the users.txt file.

I choose type as FTP since I am about  to crack a FTP server.

Then I select the file pass.txt containing some common passwords and just hope to crack the password.

Then after starting the cracker, Brutus runs and gives one positive authentication result.

Username : administrator

Password: 123456

Then I try to log into the FTP server of the remote machine using cmd with the authentication result achieved above.

I successfully logged into the FTP server.Once I am into the remote machine I try some ftp commands but before that I change my local directory to Desktop.

Then I use DIR command to list the directories in the FTP server.

There are four directories in the FTP server:Detroit,Images,lena and users. I  go to the users directory using command cd users and then list the files in the directory by using command ls. There is one text file named users.txt in the directory.

I decide to download the file users.txt to my machine using the command get users.txt. Since I had set my local directory to desktop it will be downloaded to desktop.

Let’s see the contents of the users.txt file just downloaded. It contains some usernames and passwords.

In the same way, I enter into another directory of interest to me “Images” and download the only image present in it to my desktop.

In this way, I can download any number of files from the remote server to my local machine. That’s all for in password cracking with brutus.

Posted on 2 Comments

Server GUI to Server Core switching in Windows 2012

Microsoft has always been recommending the Server Core Installation for its servers over the full server installation. As is well known, Server Core Installation which is the minimal install of the server version reduces the space for attack vector by hackers. It also reduces the usage of resources. But the Server Core Installation makes administration intimidating as it requires the administrators to be a PowerShell expert.
With Windows Server 2012, Microsoft has introduced a new feature that would allow switching from Server GUI to Server Core Installation and vice versa. This enables administrators to install and configure the server in GUI and then switch to Server Core installation. Although there are many ways to switch from Server GUI to Server Core installation, the easiest way to perform this switching is by simple PowerShell commands. I am gonna show you how. For this, I have installed Windows Server 2012 standard GUI installation in Vmware workstation.

Then open PowerShell and type the command

Remove-windowsfeature Server-gui-shell,Server-gui-mgmt-infra” and hit Enter.

The process of disabling the GUI starts and the display is as same as below.

After a short time, the process is completed and it prompts you for a restart.

Restart the machine by typing “shutdown –R –T 0″ and hit ENTER.

After the reboot, the system asks for administrator password on entering which it switches to Server Core Installation.

To enable back the GUI, enter into PowerShell by typing command “powershell.exe” in the cmd and hit ENTER. In PowerShell, type the same command as above replacing Remove with Install and hit ENTER.

Install-windowsfeature server-gui-shell,server-gui-mgmt-infra”

After completing the process, the system prompts for a reboot. Reboot the system by typing command “shutdown –r  –t 0″ and hit ENTER.

The system successfully  switches over to Standard GUI installation.

Note:

Although the Server Core Installation is the preferred deployment, it does not support all roles. The roles supported by the server core installation are,

  • Active Directory Domain Services
  • Active Directory Certificate Services
  • DHCP server.
  • DNS server.
  • AD LDS
  • Hyper-V
  • Streaming Media services
  • Print and Document Services
  • Web server
  • Windows update server
  • Active Directory Rights Management Server
  • Routing and Remote Access Server.